Search Exploit

CA API Developer Portal Cross Site Scripting

CA Technologies Support is alerting customers to a potential risk with CA API Developer Portal. A medium risk vulnerability exists that can allow a remote attacker to conduct reflected cross-site scripting attacks. CA published solutions to address the vulnerability. The vulnerability occurs due to insufficient parameter filtering in the web user interface, which can allow a remote attacker to launch reflected cross-site scripting attacks.

Customers may use the CA API Developer Portal web interface to findthe product version and review the information in the Affected andUnaffected Products sections to determine if the installation isvulnerable.

Solution

CA Technologies published the following solutions to address thevulnerability.

Apache OpenWhisk is prone to a remote code-execution vulnerability.An attacker may exploit this issue to inject and execute arbitrary code within the context of the affected application; this may aid in further attacks.Versions prior to Apache OpenWhisk 1.3.1 are vulnerable.